/**
* Setup complete action
*
* @param array $params Request variables
*
* @return bool Always true
*/
public function actionComplete($params = array())
{
$validator = new Validator();
$app = App::instance();
fn_define('CART_LANGUAGE', $app->getCurrentLangCode());
fn_define('DESCR_SL', $app->getCurrentLangCode());
$database = $app->getFromStorage('database_settings');
if (!empty($database)) {
$result = $validator->isMysqlSettingsValid($database['host'], $database['name'], $database['user'], $database['password'], $database['table_prefix'], $database['database_backend'], false);
if ($result) {
// Delete installer after store was installed.
fn_rm(Registry::get('config.dir.root') . '/install');
session_destroy();
$this->_prepareHttpData();
Session::init($params);
$user_data = array('user_id' => 1, 'user_type' => 'A', 'area' => 'A', 'login' => 'admin', 'is_root' => 'Y', 'company_id' => 0);
$_SESSION['auth'] = fn_fill_auth($user_data, array(), false, 'A');
if (is_file(Registry::get('config.dir.root') . '/install/index.php')) {
$_SESSION['notifications']['installer'] = array('type' => 'W', 'title' => 'warning', 'message' => 'delete_install_folder', 'message_state' => 'S', 'new' => true, 'extra' => '', 'init_message' => true);
}
$redirect_url = Registry::get('config.http_location') . '/' . Registry::get('config.admin_index') . '?welcome';
fn_redirect($redirect_url);
}
}
fn_redirect('install/index.php');
return true;
}
function fn_mb_place_order($data)
{
define('FORCE_SESSION_START', true);
$order_id = 0;
$mb_sess_id = base64_decode($data['mb_sess_id']);
if (!empty($mb_sess_id)) {
Session::resetId($mb_sess_id);
$cart =& $_SESSION['cart'];
$auth =& $_SESSION['auth'];
list($order_id, $process_payment) = fn_place_order($cart, $auth);
if (!empty($_REQUEST['order_id'])) {
$data = array('order_id' => $order_id, 'type' => 'S', 'data' => TIME);
db_query('REPLACE INTO ?:order_data ?e', $data);
$data = array('order_id' => $order_id, 'type' => 'E', 'data' => $_REQUEST['inner_order_id']);
db_query('REPLACE INTO ?:order_data ?e', $data);
}
}
return $order_id;
}
/**
* Garbage collector - move expired sessions to session archive
*
* @param int $max_lifetime session lifetime
*
* @return boolean always true
*/
public function gc($max_lifetime)
{
$sessions = db_get_array('SELECT * FROM ?:sessions WHERE expiry < ?i', TIME);
if ($sessions) {
foreach ($sessions as $session) {
Session::expire($session['session_id'], $session);
}
// delete old sessions
db_query('DELETE FROM ?:sessions WHERE expiry < ?i', TIME);
}
return true;
}
/**
* Removes service parameters from URL
* @param string $url URL
* @return string clean URL
*/
function fn_url_remove_service_params($url)
{
$params = array('is_ajax', 'callback', 'full_render', 'result_ids', 'init_context', 'skip_result_ids_check', 'anchor', Session::getName());
array_unshift($params, $url);
return call_user_func_array('fn_query_remove', $params);
}
unset($_SESSION['promotion_notices']);
$cart['pending_coupon'] = strtolower(trim($_REQUEST['coupon_code']));
$cart['recalculate'] = true;
if (!empty($cart['chosen_shipping'])) {
$cart['calculate_shipping'] = true;
}
return array(CONTROLLER_STATUS_OK);
}
if ($mode == 'add_profile') {
if (fn_image_verification('register', $_REQUEST) == false) {
fn_save_post_data('user_data');
return array(CONTROLLER_STATUS_REDIRECT, 'checkout.checkout?login_type=register');
}
if (list($user_id, $profile_id) = fn_update_user(0, $_REQUEST['user_data'], $auth, false, true)) {
$profile_fields = fn_get_profile_fields('O');
db_query("DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s AND user_type = ?s", Session::getId(), 'C', 'U');
fn_save_cart_content($cart, $user_id);
fn_login_user($user_id);
$step = 'step_two';
if (empty($profile_fields['B']) && empty($profile_fields['S'])) {
$step = 'step_three';
}
$suffix = '?edit_step=' . $step;
} else {
fn_save_post_data('user_data');
$suffix = '?login_type=register';
}
return array(CONTROLLER_STATUS_OK, 'checkout.checkout' . $suffix);
}
if ($mode == 'customer_info') {
$redirect_params = array();
} elseif ($mode == 'finish') {
$order_info = fn_get_order_info($order_id);
if ($order_info['status'] == 'O') {
$pp_response = array();
$pp_response['order_status'] = 'F';
$pp_response['reason_text'] = __('merchant_response_was_not_received');
$pp_response['transaction_id'] = '';
fn_finish_payment($order_id, $pp_response);
}
fn_order_placement_routines('route', $order_id, false);
}
}
} else {
$current_location = Registry::get('config.current_location');
$lang_code = CART_LANGUAGE == 'th' ? 'TH' : 'EN';
$sess = '&' . Session::getName() . '=' . Session::getId();
$_SESSION['thaiepay_refno'] = $order_id;
$return_url = fn_url("payment_notification.finish?payment=thaiepay&refno={$order_id}{$sess}", AREA, 'current');
echo <<<EOT
<form method="post" action="https://www.thaiepay.com/epaylink/payment.aspx" name="process">
<input type="hidden" name="refno" value="{$order_id}">
<input type="hidden" name="merchantid" value="{$processor_data['processor_params']['merchantid']}">
<input type="hidden" name="customeremail" value="{$order_info['email']}">
<input type="hidden" name="productdetail" value="{$processor_data['processor_params']['details']}">
<input type="hidden" name="total" value="{$order_info['total']}">
<input type="hidden" name="cc" value="{$processor_data['processor_params']['currency']}">
<input type="hidden" name="lang" value="{$lang_code}">
<input type="hidden" name="returnurl" value="{$return_url}">
EOT;
$msg = __('text_cc_processor_connection', array('[processor]' => 'thaiepay.com server'));
echo <<<EOT
/**
* Make cmpi_lookup request to 3-D Secure sevice provider
*
* @param array $processor_data Payment processor data
* @param array $order_info Order information
* @return boolean true
*/
function fn_cmpi_lookup($processor_data, $order_info, $mode = '')
{
unset($_SESSION['cmpi']);
$amount = preg_replace('/\\D/', '', $order_info['total']);
// array with ISO codes of currencies. //TODO: move to database.
$iso4217 = array('USD' => 840, 'GBP' => 826, 'EUR' => 978, 'AUD' => 036, 'CAD' => 124, 'JPY' => 392);
$settings = array('processor_id', 'merchant_id', 'transaction_password', 'transaction_url');
foreach ($settings as $setting) {
$_SESSION['cmpi'][$setting] = $processor_data['processor_params'][$setting];
}
$cardinal_request = <<<EOT
<CardinalMPI>
<MsgType>cmpi_lookup</MsgType>
<Version>1.7</Version>
<ProcessorId>{$_SESSION['cmpi']['processor_id']}</ProcessorId>
<MerchantId>{$_SESSION['cmpi']['merchant_id']}</MerchantId>
<TransactionPwd>{$_SESSION['cmpi']['transaction_password']}</TransactionPwd>
<TransactionType>C</TransactionType>
<Amount>{$amount}</Amount>
<CurrencyCode>{$iso4217[$processor_data['processor_params']['currency']]}</CurrencyCode>
<CardNumber>{$order_info['payment_info']['card_number']}</CardNumber>
<CardExpMonth>{$order_info['payment_info']['expiry_month']}</CardExpMonth>
<CardExpYear>20{$order_info['payment_info']['expiry_year']}</CardExpYear>
<OrderNumber>{$order_info['order_id']}</OrderNumber>
<OrderDesc>Order #{$order_info['order_id']}; customer: {$order_info['b_firstname']} {$order_info['b_lastname']};</OrderDesc>
<BrowserHeader>*/*</BrowserHeader>
<EMail>{$order_info['email']}</EMail>
<IPAddress>{$_SERVER['REMOTE_ADDR']}</IPAddress>
<BillingFirstName>{$order_info['b_firstname']}</BillingFirstName>
<BillingLastName>{$order_info['b_lastname']}</BillingLastName>
<BillingAddress1>{$order_info['b_address']}</BillingAddress1>
<BillingAddress2>{$order_info['b_address_2']}</BillingAddress2>
<BillingCity>{$order_info['b_city']}</BillingCity>
<BillingState>{$order_info['b_state']}</BillingState>
<BillingPostalCode>{$order_info['b_zipcode']}</BillingPostalCode>
<BillingCountryCode>{$order_info['b_country']}</BillingCountryCode>
<ShippingFirstName>{$order_info['s_firstname']}</ShippingFirstName>
<ShippingLastName>{$order_info['s_lastname']}</ShippingLastName>
<ShippingAddress1>{$order_info['s_address']}</ShippingAddress1>
<ShippingAddress2>{$order_info['s_address_2']}</ShippingAddress2>
<ShippingCity>{$order_info['s_city']}</ShippingCity>
<ShippingState>{$order_info['s_state']}</ShippingState>
<ShippingPostalCode>{$order_info['s_zipcode']}</ShippingPostalCode>
<ShippingCountryCode>{$order_info['s_country']}</ShippingCountryCode>
</CardinalMPI>
EOT;
Registry::set('log_cut_data', array('CardNumber', 'CardExpMonth', 'CardExpYear'));
$response_data = Http::post($_SESSION['cmpi']['transaction_url'], array('cmpi_msg' => $cardinal_request));
$cmpi = @simplexml_load_string($response_data);
$err_no = 0;
$_SESSION['cmpi']['enrolled'] = 'U';
$acs_url = '';
if (empty($response_data) || $cmpi === false) {
$_SESSION['cmpi']['eci_flag'] = fn_get_payment_card($order_info['payment_info']['card_number'], array('mastercard' => 1, 'visa' => 7, 'jcb' => 7));
$err_desc = 'Connection problem';
} else {
$err_no = intval((string) $cmpi->ErrorNo);
$err_desc = (string) $cmpi->ErrorDesc;
$acs_url = (string) $cmpi->ACSUrl;
$_SESSION['cmpi']['enrolled'] = (string) $cmpi->Enrolled;
$_SESSION['cmpi']['transaction_id'] = (string) $cmpi->TransactionId;
$_SESSION['cmpi']['eci_flag'] = (string) $cmpi->EciFlag;
}
if ($err_no == 0 && $_SESSION['cmpi']['enrolled'] == 'Y' && !empty($acs_url)) {
$sess = Session::getName() . '=' . Session::getId();
$payment_name = str_replace('.php', '', $processor_data['processor_script']);
$_SESSION['cmpi']['acs_url'] = $acs_url;
$_SESSION['cmpi']['order_id'] = $order_info['order_id'];
$_SESSION['cmpi']['frame_data'] = array('PaReq' => (string) $cmpi->Payload, 'TermUrl' => fn_url("payment_notification.bank?payment={$payment_name}&{$sess}", AREA, 'current'), 'MD' => '');
$frame_src = fn_url("payment_notification.frame?payment={$payment_name}&{$sess}", AREA, 'current');
$msg = __('text_cmpi_frame_message');
$back_link_msg = __('text_cmpi_go_back');
$dispatch = $mode == 'repay' ? 'orders.details?order_id=' . $order_info['order_id'] . '&' : 'checkout.checkout?';
$back_link = fn_url($dispatch . $sess, AREA, 'current');
echo <<<EOT
<table width="100%" cellspacing="0" cellpadding="0">
<tr>
<td valign="top" align="center">
<div style="width:500px;">
{$msg}
<br /><br />
</div>
</td>
</tr>
<tr>
<td valign="top" align="center">
<iframe width="420" height="420" marginwidth="0" marginheight="0" src="{$frame_src}"></iframe><br />
<br />
<div>
<a href="{$back_link}>{$back_link_msg}</a>
</div>
</td>
</tr>
</table>
EOT;
exit;
} else {
$_SESSION['cmpi']['err_no'][0] = $err_no;
$_SESSION['cmpi']['err_desc'][0] = $err_desc;
define('DO_DIRECT_PAYMENT', true);
}
return true;
}
list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_REQUEST, $auth);
if (!empty($_REQUEST['redirect_url'])) {
$redirect_url = $_REQUEST['redirect_url'];
} else {
$redirect_url = fn_url('auth.login' . !empty($_REQUEST['return_url']) ? '?return_url=' . $_REQUEST['return_url'] : '');
}
if ($status === false) {
fn_save_post_data('user_login');
return array(CONTROLLER_STATUS_REDIRECT, $redirect_url);
}
//
// Success login
//
if (!empty($user_data) && !empty($password) && fn_generate_salted_password($password, $salt) == $user_data['password']) {
// Regenerate session_id for security reasons
Session::regenerateId();
//
// If customer placed orders before login, assign these orders to this account
//
if (!empty($auth['order_ids'])) {
foreach ($auth['order_ids'] as $k => $v) {
db_query("UPDATE ?:orders SET ?u WHERE order_id = ?i", array('user_id' => $user_data['user_id']), $v);
}
}
fn_login_user($user_data['user_id']);
Helpdesk::auth();
// Set system notifications
if (Registry::get('config.demo_mode') != true && AREA == 'A') {
// If username equals to the password
if (!fn_is_development() && fn_compare_login_password($user_data, $password)) {
$lang_var = 'warning_insecure_password_email';
function fn_get_carts($params, $items_per_page = 0)
{
// Init filter
$params = LastView::instance()->update('carts', $params);
// Set default values to input params
$default_params = array('page' => 1, 'items_per_page' => $items_per_page);
$params = array_merge($default_params, $params);
// Define fields that should be retrieved
$fields = array('?:user_session_products.user_id', '?:users.firstname', '?:users.lastname', '?:user_session_products.timestamp AS date');
// Define sort fields
$sortings = array('customer' => "CONCAT(?:users.lastname, ?:users.firstname)", 'date' => "?:user_session_products.timestamp");
if (fn_allowed_for('ULTIMATE')) {
$sortings['company_id'] = "?:user_session_products.company_id";
}
$sorting = db_sort($params, $sortings, 'customer', 'asc');
$condition = $join = '';
$group = " GROUP BY ?:user_session_products.user_id";
$group_post = '';
if (isset($params['cname']) && fn_string_not_empty($params['cname'])) {
$arr = fn_explode(' ', $params['cname']);
foreach ($arr as $k => $v) {
if (!fn_string_not_empty($v)) {
unset($arr[$k]);
}
}
if (sizeof($arr) == 2) {
$condition .= db_quote(" AND ?:users.firstname LIKE ?l AND ?:users.lastname LIKE ?l", "%" . array_shift($arr) . "%", "%" . array_shift($arr) . "%");
} else {
$condition .= db_quote(" AND (?:users.firstname LIKE ?l OR ?:users.lastname LIKE ?l)", "%" . trim($params['cname']) . "%", "%" . trim($params['cname']) . "%");
}
}
if (isset($params['email']) && fn_string_not_empty($params['email'])) {
$condition .= db_quote(" AND ?:users.email LIKE ?l", "%" . trim($params['email']) . "%");
}
if (!empty($params['user_id'])) {
$condition .= db_quote(" AND ?:user_session_products.user_id = ?i", $params['user_id']);
}
if (!empty($params['online_only'])) {
$sessions = Session::getOnline('C');
if (!empty($sessions)) {
$condition .= db_quote(" AND ?:user_session_products.session_id IN (?a)", $sessions);
} else {
$condition .= db_quote(" AND 0");
}
}
if (!empty($params['with_info_only'])) {
$condition .= db_quote(" AND ?:users.email != ''");
}
if (!empty($params['users_type'])) {
if ($params['users_type'] == 'R') {
$condition .= db_quote(" AND !ISNULL(?:users.user_id)");
} elseif ($params['users_type'] == 'G') {
$condition .= db_quote(" AND ISNULL(?:users.user_id)");
}
}
if (!empty($params['total_from']) || !empty($params['total_to'])) {
$having = '';
if (fn_is_numeric($params['total_from'])) {
$having .= db_quote(" AND SUM(price * amount) >= ?d", $params['total_from']);
}
if (fn_is_numeric($params['total_to'])) {
$having .= db_quote(" AND SUM(price * amount) <= ?d", $params['total_to']);
}
if (!empty($having)) {
$users4total = db_get_fields("SELECT user_id FROM ?:user_session_products GROUP BY user_id HAVING 1 {$having}");
if (!empty($users4total)) {
$condition .= db_quote(" AND (?:user_session_products.user_id IN (?n))", $users4total);
} else {
$condition .= " AND (?:user_session_products.user_id = 'no')";
}
}
}
if (!empty($params['period']) && $params['period'] != 'A') {
list($params['time_from'], $params['time_to']) = fn_create_periods($params);
$condition .= db_quote(" AND (?:user_session_products.timestamp >= ?i AND ?:user_session_products.timestamp <= ?i)", $params['time_from'], $params['time_to']);
}
$_condition = array();
if (!empty($params['product_type_c'])) {
$_condition[] = "?:user_session_products.type = 'C'";
}
if (!empty($params['product_type_w']) && $params['product_type_w'] == 'Y') {
$_condition[] = "?:user_session_products.type = 'W'";
}
if (!empty($_condition)) {
$condition .= " AND (" . implode(" OR ", $_condition) . ")";
}
if (!empty($params['p_ids']) || !empty($params['product_view_id'])) {
$arr = strpos($params['p_ids'], ',') !== false || !is_array($params['p_ids']) ? explode(',', $params['p_ids']) : $params['p_ids'];
if (empty($params['product_view_id'])) {
$condition .= db_quote(" AND ?:user_session_products.product_id IN (?n)", $arr);
} else {
$condition .= db_quote(" AND ?:user_session_products.product_id IN (?n)", db_get_fields(fn_get_products(array('view_id' => $params['product_view_id'], 'get_query' => true))));
}
$group_post .= " HAVING COUNT(?:user_session_products.user_id) >= " . count($arr);
}
$join .= " LEFT JOIN ?:users ON ?:user_session_products.user_id = ?:users.user_id";
// checking types for retrieving from the database
$type_restrictions = array('C');
fn_set_hook('get_carts', $type_restrictions, $params, $condition, $join, $fields, $group, $array_index_field);
if (!empty($type_restrictions) && is_array($type_restrictions)) {
$condition .= " AND ?:user_session_products.type IN ('" . implode("', '", $type_restrictions) . "')";
}
$carts_list = array();
$group .= $group_post;
$limit = '';
if (!empty($params['items_per_page'])) {
$limit = db_paginate($params['page'], $params['items_per_page']);
}
if (fn_allowed_for('ULTIMATE')) {
$group = " GROUP BY ?:user_session_products.user_id, ?:user_session_products.company_id";
}
$carts_list = db_get_array("SELECT SQL_CALC_FOUND_ROWS " . implode(', ', $fields) . " FROM ?:user_session_products {$join} WHERE 1 {$condition} {$group} {$sorting} {$limit}");
if (!empty($params['items_per_page'])) {
$params['total_items'] = db_get_found_rows();
}
unset($_SESSION['abandoned_carts']);
return array($carts_list, $params);
}
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE. *
****************************************************************************/
use Tygh\Development;
use Tygh\Registry;
use Tygh\Session;
use Tygh\BlockManager\Location;
use Tygh\BlockManager\Layout;
if (!defined('BOOTSTRAP')) {
die('Access denied');
}
if (!empty($_REQUEST['skey'])) {
$session_data = fn_get_storage_data('session_' . $_REQUEST['skey'] . '_data');
fn_set_storage_data('session_' . $_REQUEST['skey'] . '_data', '');
if (!empty($session_data)) {
$_SESSION = unserialize($session_data);
Session::save(Session::getId(), $_SESSION);
fn_calculate_cart_content($_SESSION['cart'], $_SESSION['auth'], 'S', true, 'F', true);
fn_save_cart_content($_SESSION['cart'], $_SESSION['auth']['user_id']);
}
return array(CONTROLLER_STATUS_REDIRECT, fn_query_remove(REAL_URL, 'skey'));
}
// UK Cookies Law
if (Registry::get('settings.Security.uk_cookies_law') == 'Y') {
if (!empty($_REQUEST['cookies_accepted']) && $_REQUEST['cookies_accepted'] == 'Y') {
$_SESSION['cookies_accepted'] = true;
}
if (!defined('AJAX_REQUEST') && empty($_SESSION['cookies_accepted'])) {
$url = fn_link_attach(Registry::get('config.current_url'), 'cookies_accepted=Y');
$text = __('uk_cookies_law', array('[url]' => $url));
fn_delete_notification('uk_cookies_law');
fn_set_notification('W', __('warning'), $text, 'K', 'uk_cookies_law');
$pp_response['order_status'] = 'P';
$pp_response['reason_text'] = $_REQUEST['msg'];
$pp_response['transaction_id'] = $_REQUEST['TxnGUID'];
$pp_response['card_number'] = $_REQUEST['mPAN'];
$pp_response['card'] = $_REQUEST['type'];
$pp_response['cardholder_name'] = $_REQUEST['name'];
$pp_response['expiry_month'] = substr($_REQUEST['exp'], 0, 2);
$pp_response['expiry_year'] = substr($_REQUEST['exp'], -2);
} elseif (!empty($_REQUEST['error'])) {
$pp_response['order_status'] = 'F';
$pp_response['reason_text'] = !empty($_REQUEST['msg']) ? $_REQUEST['msg'] : __('error');
} else {
$pp_response['order_status'] = 'N';
$pp_response['reason_text'] = __('transaction_cancelled');
}
if (fn_check_payment_script('cresecure.php', $order_id)) {
fn_finish_payment($order_id, $pp_response);
fn_order_placement_routines('route', $order_id);
}
}
} else {
if ($processor_data['processor_params']['test'] == 'live') {
$post_address = "https://safe.cresecure.net/securepayments/a1/cc_collection.php";
} else {
$post_address = "https://sandbox-cresecure.net/securepayments/a1/cc_collection.php";
}
$post_data = array('CRESecureID' => $processor_data['processor_params']['cresecureid'], 'total_amt' => sprintf('%.2f', $order_info['total']), 'return_url' => fn_url("payment_notification.return?payment=cresecure&order_id={$order_id}", AREA, 'https'), 'content_template_url' => fn_payment_url('https', "cresecure.php?order_id={$order_id}&display_full_path=Y"), 'b_country' => db_get_field('SELECT a.code_A3 FROM ?:countries as a WHERE a.code = ?s', $order_info['b_country']), 's_country' => db_get_field('SELECT a.code_A3 FROM ?:countries as a WHERE a.code = ?s', $order_info['s_country']), 'customer_address' => $order_info['b_address'] . (!empty($order_info['b_address_2']) ? ' ' . $order_info['b_address_2'] : ''), 'delivery_address' => $order_info['s_address'] . (!empty($order_info['s_address_2']) ? ' ' . $order_info['s_address_2'] : ''), 'customer_phone' => !empty($order_info['b_phone']) ? $order_info['b_phone'] : '', 'delivery_phone' => !empty($order_info['s_phone']) ? $order_info['s_phone'] : '', 'allowed_types' => !empty($processor_data['processor_params']['allowed_types']) ? join('|', $processor_data['processor_params']['allowed_types']) : 'Visa|MasterCard', 'sess_id' => Session::getId(), 'sess_name' => Session::getName(), 'order_id' => $order_info['order_id'], 'currency' => $processor_data['processor_params']['currency'], 'CRESecureAPIToken' => $processor_data['processor_params']['cresecureapitoken'], 'customer_id' => $order_info['user_id'], 'customer_company' => $order_info['company'], 'customer_firstname' => $order_info['b_firstname'], 'customer_lastname' => $order_info['b_lastname'], 'customer_email' => $order_info['email'], 'customer_city' => $order_info['b_city'], 'customer_state' => $order_info['b_state'], 'customer_postal_code' => $order_info['b_zipcode'], 'customer_country' => $order_info['b_country'], 'delivery_firstname' => $order_info['s_firstname'], 'delivery_lastname' => $order_info['s_lastname'], 'delivery_city' => $order_info['s_city'], 'delivery_state' => $order_info['s_state'], 'delivery_postal_code' => $order_info['s_zipcode'], 'ip_address' => $_SERVER['REMOTE_ADDR']);
fn_create_payment_form($post_address, $post_data, 'CRE secure', false);
}
exit;
}
/**
* Dispathes the execution control to correct controller
*
* @return nothing
*/
function fn_dispatch($controller = '', $mode = '', $action = '', $dispatch_extra = '', $area = AREA)
{
Debugger::checkpoint('After init');
fn_set_hook('before_dispatch');
$controller = empty($controller) ? Registry::get('runtime.controller') : $controller;
$mode = empty($mode) ? Registry::get('runtime.mode') : $mode;
$action = empty($action) ? Registry::get('runtime.action') : $action;
$dispatch_extra = empty($dispatch_extra) ? Registry::get('runtime.dispatch_extra') : $dispatch_extra;
$regexp = "/^[a-zA-Z0-9_\\+]+\$/";
if (!preg_match($regexp, $controller) || !preg_match($regexp, $mode)) {
throw new InputException('Error processing request');
}
$view = Registry::get('view');
$run_controllers = true;
$external = false;
$status = CONTROLLER_STATUS_NO_PAGE;
// Security
if (Registry::get('config.tweaks.anti_csrf') == true) {
$trusted_csrf_controllers = array('auth');
if ($_SERVER['REQUEST_METHOD'] == 'POST' && !in_array($controller, $trusted_csrf_controllers) && (empty($_SESSION['security_hash']) || empty($_REQUEST['security_hash']) || $_REQUEST['security_hash'] != $_SESSION['security_hash'])) {
fn_set_notification('E', __('error'), __('text_csrf_attack'));
fn_redirect(fn_url());
}
}
// If $config['http_host'] was different from the domain name, there was redirection to $config['http_host'] value.
if (Registry::get('config.current_host') != REAL_HOST && $_SERVER['REQUEST_METHOD'] == 'GET' && !defined('CONSOLE')) {
if (!empty($_SERVER['REDIRECT_URL'])) {
$qstring = $_SERVER['REDIRECT_URL'];
} else {
if (!empty($_SERVER['REQUEST_URI'])) {
$qstring = $_SERVER['REQUEST_URI'];
} else {
$qstring = Registry::get('config.current_url');
}
}
$curent_path = Registry::get('config.current_path');
if (!empty($curent_path) && strpos($qstring, $curent_path) === 0) {
$qstring = substr_replace($qstring, '', 0, fn_strlen($curent_path));
}
fn_redirect(Registry::get('config.current_location') . $qstring, false, true);
}
if (isset($_SERVER['CONTENT_LENGTH']) && ($_SERVER['CONTENT_LENGTH'] > fn_return_bytes(ini_get('upload_max_filesize')) || $_SERVER['CONTENT_LENGTH'] > fn_return_bytes(ini_get('post_max_size')))) {
$max_size = fn_return_bytes(ini_get('upload_max_filesize')) < fn_return_bytes(ini_get('post_max_size')) ? ini_get('upload_max_filesize') : ini_get('post_max_size');
fn_set_notification('E', __('error'), __('text_forbidden_uploaded_file_size', array('[size]' => $max_size)));
fn_redirect($_SERVER['HTTP_REFERER']);
}
// If URL contains session ID, remove it
if (!empty($_REQUEST[Session::getName()]) && $_SERVER['REQUEST_METHOD'] == 'GET') {
fn_redirect(fn_query_remove(Registry::get('config.current_url'), Session::getName()));
}
// If demo mode is enabled, check permissions FIX ME - why did we need one more user login check?
if ($area == 'A') {
if (Registry::get('config.demo_mode') == true) {
$run_controllers = fn_check_permissions($controller, $mode, 'demo');
if ($run_controllers == false) {
fn_set_notification('W', __('demo_mode'), __('demo_mode_content_text'), 'K', 'demo_mode');
if (defined('AJAX_REQUEST')) {
exit;
}
fn_delete_notification('changes_saved');
$status = CONTROLLER_STATUS_REDIRECT;
$_REQUEST['redirect_url'] = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : fn_url('');
}
} else {
$run_controllers = fn_check_permissions($controller, $mode, 'admin', '', $_REQUEST);
if ($run_controllers == false) {
if (defined('AJAX_REQUEST')) {
$_info = Debugger::isActive() || defined('DEVELOPMENT') ? ' ' . $controller . '.' . $mode : '';
fn_set_notification('W', __('warning'), __('access_denied') . $_info);
exit;
}
$status = CONTROLLER_STATUS_DENIED;
}
}
}
if ($area == 'A' && Registry::get('settings.Security.secure_admin') == 'Y' && !defined('HTTPS') && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST') && empty($_REQUEST['keep_location']) && !defined('CONSOLE')) {
fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
} elseif ($area == 'C' && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) {
$secure_controllers = fn_get_secure_controllers();
// if we are not on https but controller is secure, redirect to https
if (isset($secure_controllers[$controller]) && $secure_controllers[$controller] == 'active' && !defined('HTTPS')) {
fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
}
// if we are on https and the controller is insecure, redirect to http
if (!isset($secure_controllers[$controller]) && defined('HTTPS') && Registry::get('settings.Security.keep_https') != 'Y') {
fn_redirect('http://' . Registry::get('config.http_host') . Registry::get('config.http_path') . '/' . Registry::get('config.current_url'));
}
}
LastView::instance()->prepare($_REQUEST);
$controllers_cascade = array();
$controllers_list = array('init');
if ($run_controllers == true) {
$controllers_list[] = $controller;
$controllers_list = array_unique($controllers_list);
}
foreach ($controllers_list as $ctrl) {
$core_controllers = fn_init_core_controllers($ctrl);
list($addon_controllers) = fn_init_addon_controllers($ctrl);
if (empty($core_controllers) && empty($addon_controllers)) {
//$controllers_cascade = array(); // FIXME: controllers_cascade contains INIT. We should not clear initiation code.
$status = CONTROLLER_STATUS_NO_PAGE;
$run_controllers = false;
break;
}
if (count($core_controllers) + count($addon_controllers) > 1) {
throw new DeveloperException('Duplicate controller ' . $controller . var_export(array_merge($core_controllers, $addon_controllers), true));
}
$core_pre_controllers = fn_init_core_controllers($ctrl, GET_PRE_CONTROLLERS);
$core_post_controllers = fn_init_core_controllers($ctrl, GET_POST_CONTROLLERS);
list($addon_pre_controllers) = fn_init_addon_controllers($ctrl, GET_PRE_CONTROLLERS);
list($addon_post_controllers, $addons) = fn_init_addon_controllers($ctrl, GET_POST_CONTROLLERS);
// we put addon post-controller to the top of post-controller cascade if current addon serves this request
if (count($addon_controllers)) {
$addon_post_controllers = fn_reorder_post_controllers($addon_post_controllers, $addon_controllers[0]);
}
$controllers_cascade = array_merge($controllers_cascade, $addon_pre_controllers, $core_pre_controllers, $core_controllers, $addon_controllers, $core_post_controllers, $addon_post_controllers);
if (empty($controllers_cascade)) {
throw new DeveloperException("No controllers for: {$ctrl}");
}
}
if ($mode == 'add') {
$tpl = 'update.tpl';
} elseif (strpos($mode, 'add_') === 0) {
$tpl = str_replace('add_', 'update_', $mode) . '.tpl';
} else {
$tpl = $mode . '.tpl';
}
$view = Registry::get('view');
if ($view->templateExists('views/' . $controller . '/' . $tpl)) {
// try to find template in base views
$view->assign('content_tpl', 'views/' . $controller . '/' . $tpl);
} elseif (defined('LOADED_ADDON_PATH') && $view->templateExists('addons/' . LOADED_ADDON_PATH . '/views/' . $controller . '/' . $tpl)) {
// try to find template in addon views
$view->assign('content_tpl', 'addons/' . LOADED_ADDON_PATH . '/views/' . $controller . '/' . $tpl);
} elseif (!empty($addons)) {
// try to find template in addon views that extend base views
foreach ($addons as $addon => $_v) {
if ($view->templateExists('addons/' . $addon . '/views/' . $controller . '/' . $tpl)) {
$view->assign('content_tpl', 'addons/' . $addon . '/views/' . $controller . '/' . $tpl);
break;
}
}
}
fn_set_hook('dispatch_assign_template', $controller, $mode, $area);
foreach ($controllers_cascade as $item) {
$_res = fn_run_controller($item, $controller, $mode, $action, $dispatch_extra);
// 0 - status, 1 - url
$url = !empty($_res[1]) ? $_res[1] : '';
$external = !empty($_res[2]) ? $_res[2] : false;
$permanent = !empty($_res[3]) ? $_res[3] : false;
// Status could be changed only if we allow to run controllers despite of init controller
if ($run_controllers == true) {
$status = !empty($_res[0]) ? $_res[0] : CONTROLLER_STATUS_OK;
}
if ($status == CONTROLLER_STATUS_OK && !empty($url)) {
$redirect_url = $url;
} elseif ($status == CONTROLLER_STATUS_REDIRECT && !empty($url)) {
$redirect_url = $url;
break;
} elseif ($status == CONTROLLER_STATUS_DENIED || $status == CONTROLLER_STATUS_NO_PAGE) {
break;
}
}
LastView::instance()->init($_REQUEST);
// In console mode, just stop here
if (defined('CONSOLE')) {
exit;
}
if (!empty($_SESSION['auth']['this_login']) && Registry::ifGet($_SESSION['auth']['this_login'], 'N') === 'Y') {
fn_set_notification('E', __('error'), __(ACCOUNT_TYPE . LOGIN_STATUS_USER_DISABLED));
$status = CONTROLLER_STATUS_DENIED;
}
// [Block manager]
// block manager is disabled for vendors.
if (!(fn_allowed_for('MULTIVENDOR') && Registry::get('runtime.company_id') || fn_allowed_for('ULTIMATE') && !Registry::get('runtime.company_id'))) {
if (fn_check_permissions('block_manager', 'manage', 'admin')) {
$dynamic_object = SchemesManager::getDynamicObject($_REQUEST['dispatch'], $area);
if (!empty($dynamic_object)) {
if ($area == 'A' && Registry::get('runtime.mode') != 'add' && !empty($_REQUEST[$dynamic_object['key']])) {
$object_id = $_REQUEST[$dynamic_object['key']];
$location = Location::instance()->get($dynamic_object['customer_dispatch'], $dynamic_object, CART_LANGUAGE);
if (!empty($location) && $location['is_default'] != 1) {
$params = array('dynamic_object' => array('object_type' => $dynamic_object['object_type'], 'object_id' => $object_id), $dynamic_object['key'] => $object_id, 'manage_url' => Registry::get('config.current_url'));
Registry::set('navigation.tabs.blocks', array('title' => __('layouts'), 'href' => 'block_manager.manage_in_tab?' . http_build_query($params), 'ajax' => true));
}
}
}
}
}
// [/Block manager]
// Redirect if controller returned successful/redirect status only
if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($_REQUEST['redirect_url']) && !$external) {
$redirect_url = $_REQUEST['redirect_url'];
}
// If controller returns "Redirect" status, check if redirect url exists
if ($status == CONTROLLER_STATUS_REDIRECT && empty($redirect_url)) {
$status = CONTROLLER_STATUS_NO_PAGE;
}
// In backend show "changes saved" notification
if ($area == 'A' && $_SERVER['REQUEST_METHOD'] == 'POST' && in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT))) {
if (strpos($mode, 'update') !== false && !fn_notification_exists('extra', 'demo_mode') && !fn_notification_exists('type', 'E')) {
fn_set_notification('N', __('notice'), __('text_changes_saved'), 'I', 'changes_saved');
}
}
// Attach params and redirect if needed
if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($redirect_url)) {
$params = array('page', 'selected_section', 'active_tab');
$url_params = array();
foreach ($params as $param) {
if (!empty($_REQUEST[$param])) {
$url_params[$param] = $_REQUEST[$param];
}
}
if (!empty($url_params)) {
$redirect_url = fn_link_attach($redirect_url, http_build_query($url_params));
}
if (!isset($external)) {
$external = false;
}
if (!isset($permanent)) {
$permanent = false;
}
fn_redirect($redirect_url, $external, $permanent);
}
if (!$view->getTemplateVars('content_tpl') && $status == CONTROLLER_STATUS_OK) {
// FIXME
$status = CONTROLLER_STATUS_NO_PAGE;
}
if ($status != CONTROLLER_STATUS_OK) {
if ($status == CONTROLLER_STATUS_NO_PAGE) {
if ($area == 'A' && empty($_SESSION['auth']['user_id'])) {
// If admin is not logged in redirect to login page from not found page
fn_set_notification('W', __('page_not_found'), __('page_not_found_text'));
fn_redirect("auth.login_form");
}
header(' ', true, 404);
}
$view->assign('exception_status', $status);
if ($area == 'A') {
$view->assign('content_tpl', 'exception.tpl');
// for backend only
}
if ($status == CONTROLLER_STATUS_DENIED) {
$view->assign('page_title', __('access_denied'));
} elseif ($status == CONTROLLER_STATUS_NO_PAGE) {
$view->assign('page_title', __('page_not_found'));
}
}
fn_set_hook('dispatch_before_display');
Debugger::checkpoint('Before TPL');
// Pass current URL to ajax response only if we render whole page
if (defined('AJAX_REQUEST') && Registry::get('runtime.root_template') == 'index.tpl') {
Registry::get('ajax')->assign('current_url', fn_url(Registry::get('config.current_url'), $area, 'current'));
}
Registry::get('view')->display(Registry::get('runtime.root_template'));
Debugger::checkpoint('After TPL');
Debugger::display();
fn_set_hook('complete');
exit;
// stop execution
}
function fn_get_ebay_orders()
{
$success_orders = $failed_orders = array();
setlocale(LC_TIME, 'en_US');
$params = array('OrderStatus' => 'Completed');
$last_transaction = db_get_field('SELECT timestamp FROM ?:ebay_cached_transactions WHERE type = ?s AND status = ?s ORDER BY timestamp DESC', 'orders', 'C');
// Need user_id
if (!empty($last_transaction)) {
$params['CreateTimeFrom'] = gmstrftime("%Y-%m-%dT%H:%M:%S", $last_transaction);
$params['CreateTimeTo'] = gmstrftime("%Y-%m-%dT%H:%M:%S", TIME);
}
$data = array('timestamp' => TIME, 'user_id' => $_SESSION['auth']['user_id'], 'session_id' => Session::getId(), 'status' => 'A', 'type' => 'orders', 'result' => '', 'site_id' => 0);
$transaction_id = db_query('INSERT INTO ?:ebay_cached_transactions ?e', $data);
list(, $ebay_orders) = Ebay::instance()->GetOrders($params);
$data = array('status' => 'C', 'result' => count($ebay_orders));
db_query('UPDATE ?:ebay_cached_transactions SET ?u WHERE transaction_id = ?i', $data, $transaction_id);
if (!empty($ebay_orders)) {
foreach ($ebay_orders as $k => $v) {
$item_transactions = $v['TransactionArray'];
$cart = $products = array();
if (!is_array($item_transactions)) {
$item_transactions = array($item_transactions->Transaction);
}
$i = 1;
foreach ($item_transactions as $item) {
$email = (string) $item->Buyer->Email;
break;
}
$shipping_address = $v['ShippingAddress'];
$customer_name = explode(' ', (string) $shipping_address->Name);
$firstname = array_shift($customer_name);
$lastname = implode(' ', $customer_name);
$cart = array('user_id' => 0, 'company_id' => Registry::get('runtime.company_id'), 'email' => $email, 'ebay_order_id' => $v['OrderID'], 'status' => 'P', 'timestamp' => strtotime($v['CreatedTime']), 'payment_id' => 0, 'user_data' => array('firstname' => $firstname, 'lastname' => $lastname, 'phone' => (string) $shipping_address->Phone, 's_firstname' => $firstname, 's_lastname' => $lastname, 's_address' => (string) $shipping_address->Street1, 's_city' => (string) $shipping_address->CityName, 's_state' => (string) $shipping_address->StateOrProvince, 's_country' => (string) $shipping_address->Country, 's_phone' => (string) $shipping_address->Phone, 's_zipcode' => (string) $shipping_address->PostalCode, 'b_firstname' => $firstname, 'b_lastname' => $lastname, 'b_address' => (string) $shipping_address->Street1, 'b_city' => (string) $shipping_address->CityName, 'b_state' => (string) $shipping_address->StateOrProvince, 'b_country' => (string) $shipping_address->Country, 'b_phone' => (string) $shipping_address->Phone, 'b_zipcode' => (string) $shipping_address->PostalCode), 'total' => $v['Total'], 'subtotal' => $v['Subtotal'], 'shipping_cost' => (double) $v['ShippingServiceSelected']->ShippingServiceCost);
foreach ($item_transactions as $item) {
$_item = (array) $item->Item;
$product_id = db_get_field('SELECT product_id FROM ?:ebay_template_products WHERE ebay_item_id = ?i', $_item['ItemID']);
// Need check company_id
if (!$product_id) {
continue;
}
$product = fn_get_product_data($product_id, $cart['user_data']);
$extra = array("product_options" => array());
$options = db_get_array('SELECT ?:product_options.option_id, ?:product_options_descriptions.option_name, ?:product_option_variants_descriptions.variant_id, ?:product_option_variants_descriptions.variant_name
FROM ?:product_options
JOIN ?:product_option_variants ON ?:product_option_variants.option_id = ?:product_options.option_id
JOIN ?:product_options_descriptions ON ?:product_options_descriptions.option_id = ?:product_options.option_id
JOIN ?:product_option_variants_descriptions ON ?:product_option_variants_descriptions.variant_id = ?:product_option_variants.variant_id
WHERE product_id =?i', $product_id);
if (isset($item->Variation)) {
$variations_xml = (array) $item->Variation->VariationSpecifics;
if (isset($variations_xml['NameValueList']->Name)) {
$variations = (array) $variations_xml['NameValueList'];
} else {
foreach ($variations_xml['NameValueList'] as $variation) {
$variations[] = (array) $variation;
}
}
if (isset($variations)) {
if (isset($variations['Name'])) {
foreach ($options as $option) {
if ($variations['Name'] == $option['option_name'] && $variations['Value'] == $option['variant_name']) {
$extra['product_options'][$option['option_id']] = $option['variant_id'];
}
}
} else {
foreach ($variations as $variation) {
foreach ($options as $option) {
if ($variation['Name'] == $option['option_name'] && $variation['Value'] == $option['variant_name']) {
$extra['product_options'][$option['option_id']] = $option['variant_id'];
}
}
}
}
$variations = array();
}
}
$products[$i] = array('product_id' => $product_id, 'amount' => (int) $item->QuantityPurchased, 'price' => (double) $item->TransactionPrice, 'base_price' => (double) $item->TransactionPrice, 'is_edp' => $product['is_edp'], 'edp_shipping' => $product['edp_shipping'], 'free_shipping' => $product['free_shipping'], 'stored_price' => 'Y', 'company_id' => Registry::get('runtime.company_id'), 'extra' => $extra);
unset($product);
$i += 1;
}
if (empty($products)) {
continue;
}
$cart['products'] = $products;
unset($products);
$location = fn_get_customer_location($cart['user_data'], $cart);
$cart['product_groups'] = Shippings::groupProductsList($cart['products'], $location);
list($order_id, $status) = fn_update_order($cart);
if (!empty($order_id)) {
fn_change_order_status($order_id, 'P', $status, fn_get_notification_rules(array(), false));
$success_orders[] = $order_id;
} else {
$failed_orders[] = $cart['ebay_order_id'];
}
}
}
return array($success_orders, $failed_orders);
}
function fn_register_ebay_shippings($site_id = 0)
{
$data = array('timestamp' => TIME, 'user_id' => $_SESSION['auth']['user_id'], 'session_id' => Session::getId(), 'status' => 'A', 'type' => 'shippings', 'result' => '', 'site_id' => $site_id);
$transaction_id = db_query('INSERT INTO ?:ebay_cached_transactions ?e', $data);
list(, $shippings) = Ebay::instance()->GetEbayDetails('ShippingServiceDetails');
if (!empty($shippings)) {
db_query('DELETE FROM ?:ebay_shippings WHERE site_id = ?i', $site_id);
$data = array();
foreach ($shippings as $shipping) {
if (isset($shipping['ValidForSellingFlow']) && $shipping['ValidForSellingFlow'] == 'true') {
$data[] = array('service_id' => isset($shipping['ShippingServiceID']) ? $shipping['ShippingServiceID'] : '', 'name' => isset($shipping['ShippingService']) ? $shipping['ShippingService'] : '', 'description' => isset($shipping['Description']) ? $shipping['Description'] : '', 'service_type' => isset($shipping['ServiceType']) ? is_array($shipping['ServiceType']) ? implode(',', $shipping['ServiceType']) : $shipping['ServiceType'] : '', 'is_international' => isset($shipping['InternationalService']) && $shipping['InternationalService'] == 'true' ? 'Y' : 'N', 'category' => isset($shipping['ShippingCategory']) ? $shipping['ShippingCategory'] : '', 'ship_days_max' => isset($shipping['ShippingTimeMax']) ? $shipping['ShippingTimeMax'] : '', 'ship_days_min' => isset($shipping['ShippingTimeMin']) ? $shipping['ShippingTimeMin'] : '', 'package' => isset($shipping['ShippingPackage']) ? is_array($shipping['ShippingPackage']) ? implode(',', $shipping['ShippingPackage']) : $shipping['ShippingPackage'] : '', 'carrier' => isset($shipping['ShippingCarrier']) ? $shipping['ShippingCarrier'] : '', 'weight_required' => isset($shipping['WeightRequired']) && $shipping['WeightRequired'] == 'true' ? 'Y' : 'N', 'selling_flow' => 'Y', 'dimensions_required' => isset($shipping['DimensionsRequired']) && $shipping['DimensionsRequired'] == 'true' ? 'Y' : 'N', 'surcharge_applicable' => isset($shipping['SurchargeApplicable']) && $shipping['SurchargeApplicable'] == 'true' ? 'Y' : 'N', 'expedited_service' => isset($shipping['ExpeditedService']) && $shipping['ExpeditedService'] == 'true' ? 'Y' : 'N', 'detail_version' => isset($shipping['DetailVersion']) ? $shipping['DetailVersion'] : '', 'update_timestamp' => isset($shipping['UpdateTime']) ? strtotime($shipping['UpdateTime']) : '', 'site_id' => $site_id);
}
}
if (!empty($data)) {
db_query('INSERT INTO ?:ebay_shippings ?m', $data);
}
$_data = array('status' => 'C', 'result' => count($data));
db_query('UPDATE ?:ebay_cached_transactions SET ?u WHERE transaction_id = ?i', $_data, $transaction_id);
}
return true;
}
/**
* Garbage collector - move expired sessions to session archive
*
* @param int $max_lifetime session lifetime
*
* @return boolean always true
*/
public function gc($max_lifetime)
{
// Move expired sessions to sessions storage
db_query('REPLACE INTO ?:stored_sessions SELECT * FROM ?:sessions WHERE expiry < ?i', TIME);
$sessions = db_get_array('SELECT * FROM ?:sessions WHERE expiry < ?i', TIME);
if ($sessions) {
foreach ($sessions as $entry) {
fn_log_user_logout($entry, Session::decode($entry['data']));
}
// delete old sessions
db_query('DELETE FROM ?:sessions WHERE expiry < ?i', TIME);
}
// Cleanup sessions storage
db_query('DELETE FROM ?:stored_sessions WHERE expiry < ?i', TIME - SESSIONS_STORAGE_ALIVE_TIME);
return true;
}
fn_set_hook('amazon_products', $amazon_products, $cart);
// Get cart items
$amazon_order = array();
foreach ($amazon_products as $key => $product) {
// Get product options
$item_options = ' ';
if (!empty($product['product_options'])) {
$_options = fn_get_selected_product_options_info($cart['products'][$key]['product_options']);
foreach ($_options as $opt) {
$item_options .= $opt['option_name'] . ': ' . $opt['variant_name'] . '; ';
}
$item_options = ' [' . trim($item_options, '; ') . ']';
}
$amazon_order['Cart']['Items']['Item'][] = array('SKU' => empty($product['product_code']) ? 'pid_' . $product['product_id'] : substr(strip_tags($product['product_code']), 0, 250), 'MerchantId' => $processor_data['processor_params']['merchant_id'], 'Title' => substr(strip_tags($product['product']), 0, 250) . $item_options, 'Price' => array('Amount' => fn_format_price($product['price']), 'CurrencyCode' => $_currency), 'Quantity' => $product['amount'], 'ItemCustomData' => array('CartID' => $key));
}
$amazon_order['Cart']['CartCustomData'] = array('ClientRequestId' => base64_encode(Session::getId() . ';' . $_payment_id));
// Activate the Amazon callbacks functionality
$amazon_order['ReturnUrl'] = Registry::get('config.http_location') . '/' . Registry::get('config.customer_index') . '?dispatch=payment_notification.placement&payment=amazon_checkout';
$amazon_order['CancelUrl'] = fn_url('checkout.cart');
$amazon_order['OrderCalculationCallbacks'] = array('CalculateTaxRates' => 'true', 'CalculatePromotions' => 'true', 'CalculateShippingRates' => 'true', 'OrderCallbackEndpoint' => Registry::get('config.origin_http_location') . '/app/payments/amazon_checkout.php', 'ProcessOrderOnCallbackFailure' => $processor_data['processor_params']['process_on_failure'] == 'Y' ? 'true' : 'false');
$amazon_order['DisablePromotionCode'] = 'true';
$amazon_cart = '<?xml version="1.0" encoding="UTF-8"?>' . '<Order xmlns="http://payments.amazon.com/checkout/2009-05-15/">' . fn_array_to_xml($amazon_order) . '</Order>';
// Calculate cart signature
if (!empty($processor_data['processor_params']['aws_access_public_key'])) {
$sign = fn_amazon_calculate_signature($amazon_cart, $processor_data['processor_params']['aws_secret_access_key']);
$sign = ';signature:' . $sign . ';aws-access-key-id:' . $processor_data['processor_params']['aws_access_public_key'];
$order_type = 'merchant-signed-order/aws-accesskey/1';
} else {
$sign = '';
$order_type = 'unsigned-order';
}
/**
* Generate security hash to protect forms from CRSF attacks
*
* @return string salted hash
*/
function fn_generate_security_hash()
{
if (empty($_SESSION['security_hash'])) {
$_SESSION['security_hash'] = md5(Registry::get('config.crypt_key') . Session::getId());
}
return $_SESSION['security_hash'];
}
$pp_response['order_status'] = $_REQUEST['transStatus'] == 'Y' && (!empty($processor_data['processor_params']['callback_password']) ? !empty($_REQUEST['callbackPW']) && $_REQUEST['callbackPW'] == $processor_data['processor_params']['callback_password'] : true) ? 'P' : 'F';
if ($_REQUEST['transStatus'] == 'Y') {
$pp_response['reason_text'] = $_REQUEST['rawAuthMessage'];
$pp_response['transaction_id'] = $_REQUEST['transId'];
$pp_response['descr_avs'] = 'CVV (Security Code): ' . $avs_res[substr($_REQUEST['AVS'], 0, 1)] . '; Postcode: ' . $avs_res[substr($_REQUEST['AVS'], 1, 1)] . '; Address: ' . $avs_res[substr($_REQUEST['AVS'], 2, 1)] . '; Country: ' . $avs_res[substr($_REQUEST['AVS'], 3)];
}
if (!empty($_REQUEST['testMode'])) {
$pp_response['reason_text'] .= '; This a TEST Transaction';
}
$area = db_get_field("SELECT data FROM ?:order_data WHERE order_id = ?i AND type = 'E'", $order_id);
$override = $area == 'A' ? true : false;
fn_finish_payment($order_id, $pp_response, false);
echo "<head><meta http-equiv='refresh' content='0; url=" . fn_url("payment_notification.notify?payment=worldpay&order_id={$order_id}", $area, 'current', CART_LANGUAGE, $override) . "'></head><body><wpdisplay item=banner></body>";
exit;
} else {
if (!defined('BOOTSTRAP')) {
die('Access denied');
}
$_order_id = $order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id;
$s_id = Session::getId();
$sess_name = Session::getName();
$card_holder = $processor_data['processor_params']['test'] == $mode_test_declined ? $card_holder_for_declined_test : $order_info['b_firstname'] . ' ' . $order_info['b_lastname'];
$test_mode_id = $processor_data['processor_params']['test'] == $mode_test_declined ? $mode_test : $processor_data['processor_params']['test'];
$signature = md5($processor_data['processor_params']['md5_secret'] . ':' . $processor_data['processor_params']['account_id'] . ':' . $order_info['total'] . ':' . $processor_data['processor_params']['currency'] . ':' . $_order_id);
$data = array('signatureFields' => 'instId:amount:currency:cartId', 'signature' => $signature, 'instId' => $processor_data['processor_params']['account_id'], 'cartId' => $_order_id, 'amount' => $order_info['total'], 'currency' => $processor_data['processor_params']['currency'], 'testMode' => $test_mode_id, 'authMode' => $processor_data['processor_params']['authmode'], 'name' => $card_holder, 'tel' => $order_info['phone'], 'email' => $order_info['email'], 'address' => $order_info['b_address'] . ' ' . $order_info['b_city'] . ' ' . $order_info['b_state'] . ' ' . $order_info['b_country'], 'postcode' => $order_info['b_zipcode'], 'country' => $order_info['b_country'], "MC_{$sess_name}" => $s_id);
$order_data = array('order_id' => $order_id, 'type' => 'E', 'data' => AREA);
db_query("REPLACE INTO ?:order_data ?e", $order_data);
$submit_url = $processor_data['processor_params']['test'] == $mode_test_declined || $processor_data['processor_params']['test'] == $mode_test ? 'https://secure-test.worldpay.com/wcc/purchase' : 'https://secure.worldpay.com/wcc/purchase';
fn_create_payment_form($submit_url, $data, 'World Pay server', false);
exit;
}
} elseif ($_REQUEST['amount'] != $adjusted_order_total) {
$pp_response['reason_text'] .= __('mb_amounts_not_match');
}
if ($_REQUEST['currency'] != $processor_data['processor_params']['currency']) {
$pp_response['reason_text'] .= __('mb_currencies_not_match');
}
}
if (fn_check_payment_script('skrill_qc.php', $_REQUEST['order_id'])) {
fn_finish_payment($_REQUEST['order_id'], $pp_response);
}
exit;
}
} else {
$url = 'https://www.moneybookers.com/app/payment.pl';
$suffix = AREA != 'A' && empty($order_info['repaid']) && defined('IFRAME_MODE') ? '&iframe_mode=true' : '';
$post_data = array('pay_to_email' => $processor_data['processor_params']['pay_to_email'], 'recipient_description' => $processor_data['processor_params']['recipient_description'], 'transaction_id' => $processor_data['processor_params']['order_prefix'] . (!empty($order_info['repaid']) ? $order_id . '_' . $order_info['repaid'] : $order_id), 'return_url' => fn_url("payment_notification.return?payment=skrill_qc&order_id={$order_id}{$suffix}", AREA, 'current'), 'return_url_text' => '', 'cancel_url' => fn_url("payment_notification.cancel?payment=skrill_qc&order_id={$order_id}{$suffix}", AREA, 'current'), 'status_url' => fn_url("payment_notification.status?payment=skrill_qc&order_id={$order_id}{$suffix}", AREA, 'current'), 'language' => $processor_data['processor_params']['language'], 'amount' => $order_info['total'], 'currency' => $processor_data['processor_params']['currency'], 'return_url_target' => '_parent', 'cancel_url_target' => '_parent', 'merchant_fields' => 'platform,mb_sess_id,inner_order_id', 'mb_sess_id' => base64_encode(Session::getId()), 'inner_order_id' => $order_id, 'platform' => '21477207');
$post_data['amount'] = fn_mb_adjust_amount($post_data['amount'], $post_data['currency']);
if (!$post_data['amount']) {
if (!empty($suffix)) {
echo __('text_unsupported_currency');
} else {
fn_set_notification('E', __('error'), __('text_unsupported_currency'));
$url = fn_url("payment_notification.unsupported_currency?payment=skrill_qc&order_id={$order_id}", AREA, 'current');
echo <<<EOT
<form action="{$url}" method="POST" name="process">
</form>
<script type="text/javascript">
window.onload = function(){
document.process.submit();
};
</script>
/**
* @param array $auth
*/
function fn_user_logout($auth)
{
// Regenerate session_id for security reasons
fn_save_cart_content($_SESSION['cart'], $auth['user_id']);
Session::regenerateId();
fn_init_user();
$auth = $_SESSION['auth'];
if (!empty($auth['user_id'])) {
fn_log_user_logout($auth);
}
unset($_SESSION['auth']);
fn_clear_cart($_SESSION['cart'], false, true);
fn_delete_session_data(AREA . '_user_id', AREA . '_password');
unset($_SESSION['product_notifications']);
fn_login_user();
// need to fill $_SESSION['auth'] array for anonymous user
}
if (Registry::get('runtime.action') == 'from_status') {
fn_calculate_cart_content($cart, $auth, 'S', true, 'F', true);
}
}
return array(CONTROLLER_STATUS_REDIRECT, "checkout." . $_REQUEST['redirect_mode']);
//Clear cart
} elseif ($mode == 'clear') {
fn_clear_cart($cart);
//fn_save_cart_content($cart, $auth['user_id']);
$cart_user_id = $_SESSION['auth']['user_id'];
if (!$cart_user_id) {
$cart_user_id = fn_get_session_data('cu_id');
}
db_query("DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s AND user_id = ?s", Session::getId(), 'C', $cart_user_id);
if ($auth['user_id']) {
db_query("UPDATE ?:user_session_products SET user_id = ?s WHERE session_id = ?s AND type = ?s AND user_type = ?s", $auth['user_id'], Session::getId(), 'C', 'U');
}
return array(CONTROLLER_STATUS_REDIRECT, "checkout.cart");
//Purge undeliverable products
} elseif ($mode == 'purge_undeliverable') {
fn_purge_undeliverable_products($cart);
fn_set_notification('N', __('notice'), __('notice_undeliverable_products_removed'));
return array(CONTROLLER_STATUS_REDIRECT, "checkout.checkout");
} elseif ($mode == 'complete') {
if (!empty($_REQUEST['order_id'])) {
if (empty($auth['user_id'])) {
if (empty($auth['order_ids'])) {
return array(CONTROLLER_STATUS_REDIRECT, "auth.login_form?return_url=" . urlencode(Registry::get('config.current_url')));
} else {
$allowed_id = in_array($_REQUEST['order_id'], $auth['order_ids']);
}
function fn_pay4later_order_placement_routines()
{
$_SESSION['cart'] = array('user_data' => !empty($_SESSION['cart']['user_data']) ? $_SESSION['cart']['user_data'] : array(), 'profile_id' => !empty($_SESSION['cart']['profile_id']) ? $_SESSION['cart']['profile_id'] : 0, 'user_id' => !empty($_SESSION['cart']['user_id']) ? $_SESSION['cart']['user_id'] : 0);
$_SESSION['shipping_rates'] = array();
unset($_SESSION['shipping_hash']);
db_query('DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s', Session::getId(), 'C');
}
}
}
$sess_data = array('auth' => fn_fill_auth($user_data, array(), true, $area), 'last_status' => empty($_SESSION['last_status']) ? '' : $_SESSION['last_status']);
if (Registry::get('settings.General.store_mode') == 'Y') {
$sess_data['store_access_key'] = Registry::get('settings.General.store_access_key');
}
$areas = array('A' => 'admin', 'V' => 'vendor', 'C' => 'customer');
fn_init_user_session_data($sess_data, $_REQUEST['user_id'], true);
$old_sess_id = Session::getId();
$redirect_url = !empty($_REQUEST['redirect_url']) ? $_REQUEST['redirect_url'] : '';
if ($area != 'C') {
Session::setName($areas[$area]);
$sess_id = Session::regenerateId();
Session::save($sess_id, $sess_data, $area);
Session::setName(ACCOUNT_TYPE);
Session::setId($old_sess_id, false);
} else {
// Save unique key for session
$key = fn_crc32(microtime()) . fn_crc32(microtime() + 1);
fn_set_storage_data('session_' . $key . '_data', serialize($sess_data));
if (fn_allowed_for('ULTIMATE')) {
$company_id_in_url = fn_get_company_id_from_uri($redirect_url);
if (Registry::get('runtime.company_id') || !empty($user_data['company_id']) || Registry::get('runtime.simple_ultimate') || !empty($company_id_in_url)) {
// Redirect to the personal frontend
$company_id = !empty($user_data['company_id']) ? $user_data['company_id'] : Registry::get('runtime.company_id');
if (!$company_id && Registry::get('runtime.simple_ultimate')) {
$company_id = fn_get_default_company_id();
} elseif (!$company_id) {
$company_id = $company_id_in_url;
}
$url = $area == 'C' ? fn_link_attach($redirect_url, 'skey=' . $key . '&company_id=' . $company_id) : $redirect_url;
public static function display()
{
if (!self::isActive()) {
return false;
}
$data_time = time();
$debugger_id = !empty(self::$debugger_cookie) ? self::$debugger_cookie : substr(Session::getId(), 0, 8);
$ch_p = array_values(self::$checkpoints);
$included_templates = array();
$depth = array();
$d = 0;
foreach (Registry::get('view')->template_objects as $k => $v) {
if (count(explode('#', $k)) == 1) {
continue;
}
list(, $tpl) = explode('#', $k);
if (!empty($v->parent)) {
if (property_exists($v->parent, 'template_resource')) {
if (empty($depth[$v->parent->template_resource])) {
$depth[$v->parent->template_resource] = ++$d;
}
$included_templates[] = array('filename' => $tpl, 'depth' => $depth[$v->parent->template_resource]);
}
}
}
$assigned_vars = Registry::get('view')->tpl_vars;
ksort($assigned_vars);
$exclude_vars = array('_REQUEST', 'config', 'settings', 'runtime', 'demo_password', 'demo_username', 'empty', 'ldelim', 'rdelim');
foreach ($assigned_vars as $name => $value_obj) {
if (in_array($name, $exclude_vars)) {
unset($assigned_vars[$name]);
} else {
$assigned_vars[$name] = $value_obj->value;
}
}
self::$totals['time_page'] = $ch_p[count($ch_p) - 1]['time'] - $ch_p[0]['time'];
self::$totals['memory_page'] = ($ch_p[count($ch_p) - 1]['memory'] - $ch_p[0]['memory']) / 1024;
self::$totals['count_queries'] = count(self::$queries);
self::$totals['count_tpls'] = count($included_templates);
$runtime = fn_foreach_recursive(Registry::get('runtime'), '.');
foreach ($runtime as $key => $value) {
if (in_array(gettype($value), array('object', 'resource'))) {
$runtime[$key] = gettype($value);
}
}
$data = array('request' => array('request' => $_REQUEST, 'server' => $_SERVER, 'cookie' => $_COOKIE), 'config' => array('runtime' => $runtime), 'sql' => array('totals' => array('count' => self::$totals['count_queries'], 'rcount' => 0, 'time' => self::$totals['time_queries']), 'queries' => self::$queries), 'backtraces' => self::$backtraces, 'logging' => self::$checkpoints, 'templates' => array('tpls' => $included_templates, 'vars' => $assigned_vars), 'totals' => self::$totals);
$datas = Registry::get('debugger.data');
$datas = is_array($datas) ? $datas : array();
foreach (array_keys($datas) as $id) {
foreach (array_keys($datas[$id]) as $time) {
if ($time < time() - self::EXPIRE_DEBUGGER) {
unset($datas[$id][$time]);
}
}
if (empty($datas[$id])) {
unset($datas[$id]);
}
}
$datas[$debugger_id][$data_time] = $data;
Registry::set('debugger.data', $datas);
Registry::get('view')->assign('debugger_id', $debugger_id);
Registry::get('view')->assign('debugger_hash', $data_time);
Registry::get('view')->assign('totals', self::$totals);
Registry::get('view')->display('views/debugger/debugger.tpl');
return true;
}
/**
* Garbage collector (do nothing as redis takes care about deletion of expired keys)
*
* @param int $max_lifetime session lifetime
*
* @return boolean always true
*/
public function gc($max_lifetime)
{
// Move expired sessions to sessions storage
$session_ids = array_map(function ($key) {
return substr($key, strrpos($key, ':') + 1);
}, $this->query('keys', $this->id('*')));
if (!empty($session_ids)) {
foreach ($session_ids as $sess_id) {
$session = $this->query('hGetAll', $this->id($sess_id));
if (empty($session) || $session['expiry'] < TIME) {
if (!empty($session['data'])) {
Session::expire($sess_id, $session);
}
$this->delete($sess_id);
}
}
}
return true;
}
function fn_order_placement_routines($action = '', $order_id = 0, $force_notification = array(), $clear_cart = true, $area = AREA)
{
if (Embedded::isLeft() && !Embedded::isEnabled()) {
Embedded::enable();
}
if ($action == 'checkout_redirect') {
if ($area == 'A') {
fn_redirect("order_management.edit?order_id=" . reset($_SESSION['cart']['processed_order_id']));
} else {
fn_redirect('checkout.checkout');
}
} elseif (in_array($action, array('save', 'repay', 'route')) && !empty($order_id)) {
$order_info = fn_get_order_info($order_id, true);
$display_notification = true;
fn_set_hook('placement_routines', $order_id, $order_info, $force_notification, $clear_cart, $action, $display_notification);
if (!empty($_SESSION['cart']['placement_action'])) {
if (empty($action)) {
$action = $_SESSION['cart']['placement_action'];
}
unset($_SESSION['cart']['placement_action']);
}
if ($area == 'C' && !empty($order_info['user_id'])) {
$__fake = '';
fn_save_cart_content($__fake, $order_info['user_id']);
}
$edp_data = fn_generate_ekeys_for_edp(array(), $order_info);
fn_order_notification($order_info, $edp_data, $force_notification);
$_error = false;
if ($action == 'save') {
if ($display_notification) {
fn_set_notification('N', __('congratulations'), __('text_order_saved_successfully'));
}
} else {
if ($order_info['status'] == STATUS_PARENT_ORDER) {
$child_orders = db_get_hash_single_array("SELECT order_id, status FROM ?:orders WHERE parent_order_id = ?i", array('order_id', 'status'), $order_id);
$status = reset($child_orders);
$child_orders = array_keys($child_orders);
} else {
$status = $order_info['status'];
}
if (in_array($status, fn_get_order_paid_statuses())) {
if ($action == 'repay') {
fn_set_notification('N', __('congratulations'), __('text_order_repayed_successfully'));
} else {
fn_set_notification('N', __('order_placed'), __('text_order_placed_successfully'));
}
} elseif ($status == STATUS_BACKORDERED_ORDER) {
fn_set_notification('W', __('important'), __('text_order_backordered'));
} else {
if ($area == 'A' || $action == 'repay') {
if ($status != STATUS_CANCELED_ORDER) {
$_payment_info = db_get_field("SELECT data FROM ?:order_data WHERE order_id = ?i AND type = 'P'", $order_id);
if (!empty($_payment_info)) {
$_payment_info = unserialize(fn_decrypt_text($_payment_info));
$_msg = !empty($_payment_info['reason_text']) ? $_payment_info['reason_text'] : '';
$_msg .= empty($_msg) ? __('text_order_placed_error') : '';
fn_set_notification('E', '', $_msg);
}
}
} else {
$_error = true;
if (!empty($child_orders)) {
array_unshift($child_orders, $order_id);
} else {
$child_orders = array();
$child_orders[] = $order_id;
}
$_SESSION['cart'][$status == STATUS_INCOMPLETED_ORDER ? 'processed_order_id' : 'failed_order_id'] = $child_orders;
}
if ($status == STATUS_INCOMPLETED_ORDER || $action == 'repay' && $status == STATUS_CANCELED_ORDER) {
fn_set_notification('W', __('important'), __('text_transaction_cancelled'));
}
}
}
// Empty cart
if ($clear_cart == true && $_error == false) {
$_SESSION['cart'] = array('user_data' => !empty($_SESSION['cart']['user_data']) ? $_SESSION['cart']['user_data'] : array(), 'profile_id' => !empty($_SESSION['cart']['profile_id']) ? $_SESSION['cart']['profile_id'] : 0, 'user_id' => !empty($_SESSION['cart']['user_id']) ? $_SESSION['cart']['user_id'] : 0);
$_SESSION['shipping_rates'] = array();
unset($_SESSION['shipping_hash']);
db_query('DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s', Session::getId(), 'C');
}
fn_set_hook('order_placement_routines', $order_id, $force_notification, $order_info, $_error);
if ($area == 'A') {
fn_redirect("orders.details?order_id={$order_id}");
} else {
fn_redirect('checkout.' . ($_error ? 'checkout' : "complete?order_id={$order_id}"));
}
} elseif ($action == 'index_redirect') {
fn_redirect(fn_url('', 'C', 'http'));
} else {
fn_redirect(fn_url($action, 'C', 'http'));
}
}
/**
* Processes payment form to make payment submit via non-embedded mode
* @param string $submit_url payment submit URL
* @param array $data payment data
* @param array $payment_name payment name
* @param boolean $exclude_empty_values flag to exclude empty values
* @param string $method submit method
* @return array data to submit form to host server
*/
public static function processPaymentForm($submit_url, $data, $payment_name, $exclude_empty_values, $method)
{
$data = array(Session::getName() => Session::getId(), 'data' => json_encode(array('submit_url' => $submit_url, 'data' => $data, 'payment_name' => $payment_name, 'method' => $method, 'exclude_empty_values' => $exclude_empty_values)));
$submit_url = fn_url('payment_notification.process_embedded');
$method = 'post';
$payment_name = '';
return array($submit_url, $data, $method, $payment_name);
}
/**
* Expire session, move it to stored sessions and log out user
*
* @param string $sess_id session ID
* @param array $session session data
*/
public static function expire($sess_id, $session)
{
$sess_data = Session::decode($session['data']);
db_query('REPLACE INTO ?:stored_sessions ?e', array('session_id' => $sess_id, 'data' => self::encode(array('settings' => $sess_data['settings'])), 'expiry' => $session['expiry']));
if (!empty($sess_data['auth'])) {
fn_log_user_logout($sess_data['auth'], $session['expiry']);
}
}
public static function orderPlacementRoutines($order_id, $force_notification = array(), $clear_cart = true, $action = '')
{
// don't show notifications
// only clear cart
$order_info = fn_get_order_info($order_id, true);
$display_notification = true;
fn_set_hook('placement_routines', $order_id, $order_info, $force_notification, $clear_cart, $action, $display_notification);
if (!empty($_SESSION['cart']['placement_action'])) {
if (empty($action)) {
$action = $_SESSION['cart']['placement_action'];
}
unset($_SESSION['cart']['placement_action']);
}
if (AREA == 'C' && !empty($order_info['user_id'])) {
$__fake = '';
fn_save_cart_content($__fake, $order_info['user_id']);
}
$edp_data = fn_generate_ekeys_for_edp(array(), $order_info);
fn_order_notification($order_info, $edp_data, $force_notification);
// Empty cart
if ($clear_cart == true && substr_count('OPT', $order_info['status']) > 0) {
$_SESSION['cart'] = array('user_data' => !empty($_SESSION['cart']['user_data']) ? $_SESSION['cart']['user_data'] : array(), 'profile_id' => !empty($_SESSION['cart']['profile_id']) ? $_SESSION['cart']['profile_id'] : 0, 'user_id' => !empty($_SESSION['cart']['user_id']) ? $_SESSION['cart']['user_id'] : 0);
db_query('DELETE FROM ?:user_session_products WHERE session_id = ?s AND type = ?s', Session::getId(), 'C');
}
$is_twg_hook = true;
$_error = false;
fn_set_hook('order_placement_routines', $order_id, $force_notification, $order_info, $_error, $is_twg_hook);
}
$_return .= '&Signature=' . $sign;
$_return .= '&aws-access-key-id=' . $aws_access_key;
}
echo $_return;
exit;
} elseif ($message_recognizer == 'NewOrderNotification') {
// Order was placed by Amazon checkout. We need to proceed the callback.
list($amazon_sess_id, $payment_id) = explode(';', base64_decode((string) $xml->ProcessedOrder->ProcessedOrderItems->ProcessedOrderItem->CartCustomData->ClientRequestId));
$processor_data = fn_get_payment_method_data($payment_id);
// If we use the signed cart, validate the request
if (!fn_amazon_validate_request($processor_data, $_POST)) {
die('Access denied');
}
// Restart session
if (!empty($amazon_sess_id)) {
Session::resetId($amazon_sess_id);
fn_payments_set_company_id(0, $_SESSION['settings']['company_id']['value']);
$cart =& $_SESSION['cart'];
$auth =& $_SESSION['auth'];
}
// Compare the cart data with the Amazon request
if (!fn_amazon_validate_cart_data($cart, $xml)) {
fn_set_notification('E', __('error'), 'text_amazon_incorrect_products_count');
exit;
}
$transaction_id = (string) $xml->ProcessedOrder->AmazonOrderID;
// Prevent the double notifications
$reference_id = (string) $xml->NotificationReferenceId;
if (!empty($_SESSION['reference_id']) && $_SESSION['reference_id'] == $reference_id) {
exit;
} else {